5cf961fd22d97346bba9e3e08e017f631a7ffcb3c406987a7feb1f9393a01a21

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2023, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cf961fd22d97346bba9e3e08e017f631a7ffcb3c406987a7feb1f9393a01a21.exe
Size

3.9MB
MD5

6404006ce14cdcba0b792e28899e9cbd
SHA1

2d3f1492232f45608be1cc1f37e2a95dde4c771f
SHA256

5cf961fd22d97346bba9e3e08e017f631a7ffcb3c406987a7feb1f9393a01a21
SHA512

f93f6eb9121eed791ce41fd88ee1bad346ab27bb78b8a38d8f922ca91509691d020a1603da1e83e05784a102bb3389e53da2842a8aad9e9d95b5c7cfab60cd2d
SSDEEP

49152:Agh98D4xlsAOPmUIkUI8RUyvhoDCfVC0fLqaNl1XvGTx/S5rcWKjXNO:ua71feO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4164	5cf961fd22d97346bba9e3e08e017f631a7ffcb3c406987a7feb1f9393a01a21.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4792	svchost.exe

C:\Users\Admin\AppData\Local\Temp\5cf961fd22d97346bba9e3e08e017f631a7ffcb3c406987a7feb1f9393a01a21.exe
"C:\Users\Admin\AppData\Local\Temp\5cf961fd22d97346bba9e3e08e017f631a7ffcb3c406987a7feb1f9393a01a21.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4164

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1712

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
824a18de9e1bb125b7d28f3c47b012b1

SHA1
41bd74b124db1c1f8015f02fafb7e3d4c0e5ca1d

SHA256
6d94e8fc246d8c7f446bdcfb392bcd8fa72a9c84e3e377ecd883274803e277ac

SHA512
f65578d875d2c005aceadf62bb7d2db307a180e1021de7412ff2c321f32995f7a7d3243b40b39520c150f21a786713de003c3ca82e941b8eaf8df237f4624ff2

Download Submit
memory/4164-0-0x0000000000400000-0x00000000007F2000-memory.dmp

Filesize
3.9MB

Download
memory/4164-2-0x00007FFF73C80000-0x00007FFF73FAD000-memory.dmp

Filesize
3.2MB

Download
memory/4792-45-0x0000021217440000-0x0000021217441000-memory.dmp

Filesize
4KB

Download
memory/4792-47-0x0000021217440000-0x0000021217441000-memory.dmp

Filesize
4KB

Download
memory/4792-38-0x0000021217440000-0x0000021217441000-memory.dmp

Filesize
4KB

Download
memory/4792-39-0x0000021217440000-0x0000021217441000-memory.dmp

Filesize
4KB

Download
memory/4792-40-0x0000021217440000-0x0000021217441000-memory.dmp

Filesize
4KB

Download
memory/4792-41-0x0000021217440000-0x0000021217441000-memory.dmp

Filesize
4KB

Download
memory/4792-42-0x0000021217440000-0x0000021217441000-memory.dmp

Filesize
4KB

Download
memory/4792-43-0x0000021217440000-0x0000021217441000-memory.dmp

Filesize
4KB

Download
memory/4792-44-0x0000021217440000-0x0000021217441000-memory.dmp

Filesize
4KB

Download
memory/4792-21-0x000002120EE40000-0x000002120EE50000-memory.dmp

Filesize
64KB

Download
memory/4792-46-0x0000021217440000-0x0000021217441000-memory.dmp

Filesize
4KB

Download
memory/4792-37-0x0000021217420000-0x0000021217421000-memory.dmp

Filesize
4KB

Download
memory/4792-48-0x0000021217070000-0x0000021217071000-memory.dmp

Filesize
4KB

Download
memory/4792-49-0x0000021217060000-0x0000021217061000-memory.dmp

Filesize
4KB

Download
memory/4792-51-0x0000021217070000-0x0000021217071000-memory.dmp

Filesize
4KB

Download
memory/4792-54-0x0000021217060000-0x0000021217061000-memory.dmp

Filesize
4KB

Download
memory/4792-57-0x0000021216FA0000-0x0000021216FA1000-memory.dmp

Filesize
4KB

Download
memory/4792-5-0x000002120ED40000-0x000002120ED50000-memory.dmp

Filesize
64KB

Download
memory/4792-69-0x00000212171A0000-0x00000212171A1000-memory.dmp

Filesize
4KB

Download
memory/4792-71-0x00000212171B0000-0x00000212171B1000-memory.dmp

Filesize
4KB

Download
memory/4792-72-0x00000212171B0000-0x00000212171B1000-memory.dmp

Filesize
4KB

Download
memory/4792-73-0x00000212172C0000-0x00000212172C1000-memory.dmp

Filesize
4KB

Download